dependabot-cargo 0.258.0 → 0.259.0

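--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8739c31a40cab452323ea82cce1a2c476c06acf1eb59c4a4154103932ecae2a0
- data.tar.gz: f1f6a8b0c616c303be94632371ca158094ad9677c74dc251d0fab62d1358d71c
+ metadata.gz: f574254dc30cded50cbacf3c567318d9420c3697663bf4b7755c0efe3bd7be8d
+ data.tar.gz: 11e7d101a66a74feef633458f7f166bc52710123123b9c14e8d1a37159f793b2
  SHA512:
- metadata.gz: 52a28e5fd1a528b2fb40c60f4f46faec152a70d04cd553d4cee33160eea6dca3b2adb347c10e1b01fa90a6937fa07c67d2bff073aa6d124318ab6cf87c447456
- data.tar.gz: 23d3b8bbff934592d8237f64ddb3206a29234ab1586cf695b3fa4ea04d09b40bd6e96561864bf22f2d8d4a59109a629ac46359b1e7d4e9252a9b43928ee276bc
+ metadata.gz: 623435a9303a427346727fd956806425f47ad30bd875b99c1deb5b31eac564673299d69227259ee37ee32816b7617bd97d51b1835d339f81325c5368818d4f19
+ data.tar.gz: c3c2f43eaadb3809cdf9535b0ba0f1b708d984f0610ffd3d1d10bad4fb298cefea1adca42b8ab90810108ca453e4eb77ce1a6b92556f269943e7f80d7cc4cecc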
@@ -17,7 +17,7 @@ module Dependabot
17
17
  # (We must add these environment variables here, or 'cargo update' will not think it is
18
18
  # configured properly for the private registries.)
19
19
 
20
- token_env_var = "CARGO_REGISTRIES_#{cred['cargo_registry'].upcase.tr('-', '_')}_TOKEN"
20
+ token_env_var = "CARGO_REGISTRIES_#{cred['registry'].upcase.tr('-', '_')}_TOKEN"
21
21
 
22
22
  token = "placeholder_token"
23
23
  if cred["token"].nil?
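Review bot: `cred['registry'].upcase` on the changed `token_env_var` line raises NoMethodError when a credential entry has no `registry` key, which is plausible for configurations still written with the `cargo_registry` key this line used to read. Reading it with `cred.fetch("registry")`, or skipping the entry with an explicit message, would make that failure attributable; the enclosing iteration starts outside the hunk, so the exact form of the guard depends on code not shown here. The name is also normalised only with `upcase.tr('-', '_')`, so any other character in the configured registry name reaches the environment variable name unchanged; rejecting names that do not match `/\A[A-Za-z0-9_-]+\z/` before interpolating would keep the generated variable well-formed.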
@@ -48,26 +48,40 @@ module Dependabot
48
48
 
49
49
  info = dependency.requirements.filter_map { |r| r[:source] }.first
50
50
  index = (info && info[:index]) || CRATES_IO_API
51
+ hdrs = build_headers(index, info)
51
52
 
52
- # Default request headers
53
+ url = metadata_fetch_url(dependency, index)
54
+ response = fetch_metadata(url, hdrs)
55
+
56
+ @crates_listing = parse_response(response, index)
57
+ end
58
+
59
+ def build_headers(index, info)
53
60
  hdrs = { "User-Agent" => "Dependabot (dependabot.com)" }
61
+ return hdrs if index == CRATES_IO_API
54
62
 
55
- if index != CRATES_IO_API
56
- # Add authentication headers if credentials are present for this registry
57
- credentials.find { |cred| cred["type"] == "cargo_registry" && cred["registry"] == info[:name] }&.tap do |cred|
58
- hdrs["Authorization"] = "Token #{cred['token']}"
59
- end
63
+ credentials.find { |cred| cred["type"] == "cargo_registry" && cred["registry"] == info[:name] }&.tap do |cred|
64
+ hdrs["Authorization"] = "Token #{cred['token']}"
60
65
  end
61
66
 
62
- url = metadata_fetch_url(dependency, index)
67
+ hdrs
68
+ end
63
69
 
64
- response = Excon.get(
70
+ def fetch_metadata(url, headers)
71
+ Excon.get(
65
72
  url,
66
73
  idempotent: true,
67
- **SharedHelpers.excon_defaults(headers: hdrs)
74
+ **SharedHelpers.excon_defaults(headers: headers)
68
75
  )
76
+ end
69
77
 
70
- @crates_listing = JSON.parse(response.body)
78
+ def parse_response(response, index)
79
+ if index.start_with?("sparse+")
80
+ parsed_response = response.body.lines.map { |line| JSON.parse(line) }
81
+ { "versions" => parsed_response }
82
+ else
83
+ JSON.parse(response.body)
84
+ end
71
85
  end
72
86
 
73
87
  def metadata_fetch_url(dependency, index)
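Review bot: In `build_headers` the credential is selected by `cred["registry"] == info[:name]` alone, while the request goes to `index`, which is read from the dependency's own `:source` entry; nothing in this hunk ties the token to the host that receives it. If `index` is not validated against the configured registry elsewhere (not visible here), checking that it belongs to the registry the credential was configured for before adding `Authorization` would keep the token scoped to its intended host. The header is also built as `"Token #{cred['token']}"`, which sends `Token ` with an empty value when the token is nil. The `auth_headers` helper added in a later hunk instead sends the bare token and falls back to `"placeholder_token"`, so the two paths should agree, for example via `token = cred["token"] || "placeholder_token"`.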
@@ -97,46 +97,33 @@ module Dependabot
97
97
  crates_listing
98
98
  .fetch("versions", [])
99
99
  .reject { |v| v["yanked"] }
100
- .map { |v| version_class.new(v.fetch("num")) }
100
+ # Handle both default and sparse registry responses.
101
+ # Default registry uses "num" for version number.
102
+ # Sparse registry uses "vers" for version number.
103
+ .map do |v|
104
+ version_number = v["num"] || v["vers"]
105
+ version_class.new(version_number)
106
+ end
101
107
  end
102
108
 
103
109
  def crates_listing
104
110
  return @crates_listing unless @crates_listing.nil?
105
111
 
106
- info = dependency.requirements.filter_map { |r| r[:source] }.first
107
- index = (info && info[:index]) || CRATES_IO_API
108
-
109
- # Default request headers
110
- hdrs = { "User-Agent" => "Dependabot (dependabot.com)" }
111
-
112
- if index != CRATES_IO_API
113
- # Add authentication headers if credentials are present for this registry
114
- registry_creds = credentials.find do |cred|
115
- cred["type"] == "cargo_registry" && cred["registry"] == info[:name]
116
- end
117
-
118
- unless registry_creds.nil?
119
- # If there is a credential, but no actual token at this point, it means that dependabot-cli
120
- # stripped the token from our credentials. In this case, the dependabot proxy will reintroduce
121
- # the correct token, so we just use 'placeholder_token' as the token value.
122
- token = registry_creds["token"] || "placeholder_token"
112
+ info = fetch_dependency_info
113
+ index = fetch_index(info)
123
114
 
124
- hdrs["Authorization"] = token
125
- end
126
- end
115
+ hdrs = default_headers
116
+ hdrs.merge!(auth_headers(info)) if index != CRATES_IO_API
127
117
 
128
118
  url = metadata_fetch_url(dependency, index)
129
119
 
130
120
  # B4PR
131
121
  puts "Calling #{url} to fetch metadata for #{dependency.name} from #{index}"
132
122
 
133
- response = Excon.get(
134
- url,
135
- idempotent: true,
136
- **SharedHelpers.excon_defaults(headers: hdrs)
137
- )
123
+ response = fetch_response(url, hdrs)
124
+ return {} if response.status == 404
138
125
 
139
- @crates_listing = JSON.parse(response.body)
126
+ @crates_listing = parse_response(response, index)
140
127
 
141
128
  # B4PR
142
129
  puts "Fetched metadata for #{dependency.name} from #{index} successfully"
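Review bot: The added `return {} if response.status == 404` in `crates_listing` leaves `@crates_listing` nil, so every later call repeats the HTTP request for a crate already known to be missing; `return @crates_listing = {} if response.status == 404` keeps the memoisation that the first line of the method relies on. Other non-success statuses (401, 403, 5xx) still fall through to `parse_response`, where an error body surfaces as a JSON parse error rather than as an authentication or registry failure. In the new `.map do |v|` block, `v["num"] || v["vers"]` hands nil to `version_class.new` when an entry has neither key, whereas the old `v.fetch("num")` raised a KeyError naming the missing field. The two `# B4PR` `puts` lines are context here, but they print the registry URL on every fetch and look like temporary debugging that should be removed or routed through a logger before release.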
@@ -145,6 +132,46 @@ module Dependabot
145
132
  @crates_listing
146
133
  end
147
134
 
135
+ def fetch_dependency_info
136
+ dependency.requirements.filter_map { |r| r[:source] }.first
137
+ end
138
+
139
+ def fetch_index(info)
140
+ (info && info[:index]) || CRATES_IO_API
141
+ end
142
+
143
+ def default_headers
144
+ { "User-Agent" => "Dependabot (dependabot.com)" }
145
+ end
146
+
147
+ def auth_headers(info)
148
+ registry_creds = credentials.find do |cred|
149
+ cred["type"] == "cargo_registry" && cred["registry"] == info[:name]
150
+ end
151
+
152
+ return {} if registry_creds.nil?
153
+
154
+ token = registry_creds["token"] || "placeholder_token"
155
+ { "Authorization" => token }
156
+ end
157
+
158
+ def fetch_response(url, headers)
159
+ Excon.get(
160
+ url,
161
+ idempotent: true,
162
+ **SharedHelpers.excon_defaults(headers: headers)
163
+ )
164
+ end
165
+
166
+ def parse_response(response, index)
167
+ if index.start_with?("sparse+")
168
+ parsed_response = response.body.lines.map { |line| JSON.parse(line) }
169
+ { "versions" => parsed_response }
170
+ else
171
+ JSON.parse(response.body)
172
+ end
173
+ end
174
+
148
175
  def metadata_fetch_url(dependency, index)
149
176
  return "#{index}/#{dependency.name}" if index == CRATES_IO_API
150
177
 
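Review bot: `parse_response` parses every element of `response.body.lines` for `sparse+` indexes, so a blank line or a non-JSON error body raises `JSON::ParserError` from inside the `map`; skipping empty lines with `response.body.each_line.reject { |l| l.strip.empty? }.map { |l| JSON.parse(l) }` and checking the status before parsing would make such failures attributable. The same method is added verbatim in the earlier `@@ -48,26 +48,40 @@` hunk and has the same gap, so a shared helper would avoid fixing it twice. `auth_headers` also lost the comment explaining why `"placeholder_token"` is sent when the credential carries no token (the removed lines say the proxy reintroduces the real one); that comment should move with the code.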
@@ -141,7 +141,11 @@ module Dependabot
141
141
  raise UnfixableRequirement if req.start_with?(">")
142
142
 
143
143
  req.sub(VERSION_REGEX) do |old_version|
144
- update_greatest_version(old_version, target_version)
144
+ if req.start_with?("<=")
145
+ target_version
146
+ else
147
+ update_greatest_version(old_version, target_version)
148
+ end
145
149
  end
146
150
  end.join(", ")
147
151
  rescue UnfixableRequirement
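Review bot: The new `if req.start_with?("<=")` branch sits inside the `req.sub(VERSION_REGEX)` block although it does not depend on `old_version`, and nothing records why an inclusive upper bound takes `target_version` verbatim instead of going through `update_greatest_version`. If the intent is that the bound should become exactly the target version, a comment such as `# "<=" is inclusive, so the bound becomes the target version itself` above the branch would say so. The replacement also writes `target_version` at full precision, so a requirement like `<= 1.2` changes shape; worth confirming that is wanted. The check is prefix-based, and whether `req` has already been stripped of leading whitespace is decided outside the hunk, since the enclosing method starts and ends beyond it.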
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.258.0
4
+ version: 0.259.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-05-16 00:00:00.000000000 Z
11
+ date: 2024-05-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.258.0
19
+ version: 0.259.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.258.0
26
+ version: 0.259.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -263,7 +263,7 @@ licenses:
263
263
  - MIT
264
264
  metadata:
265
265
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
266
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.258.0
266
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
267
267
  post_install_message:
268
268
  rdoc_options: []
269
269
  require_paths: